[REBOL] Re: DOing a script from REBOL.org
From: SunandaDH::aol::com at: 31-Oct-2006 6:57
Rebolek:
> Hm, I never knew I would create so much problems
Not your problems! They're problems mainly to do with embedding scripts in
HTML pages in a way that is both:
a) safe (ie we escape characters that could be used to execute XSS and other
types of attack); and
b) executable by REBOL
It's tricky to get it all right.
> So I'm now uploading new version that does not check for its header.
There is no in-principle reason why scripts in the Library should not assume
they have been installed. Many do. But if it can be avoided, that makes things
more flexible. Thanks for the revised version.
Gabriele:
> Maybe you can use a CDATA section?
Maybe. But then we'd have to escape the ]]> string that closes a CDATA (to
stop someone uploading a script that contains a close CDATA sctring followed by
malicious HTML.
There's no ideal solution -- not that I know of, anyway.
Sunanda.